Howdy all, requesting help on a media project

The fear of every surveillance society: citizens protecting their own privacy with strong cryptography

Re: Howdy all, requesting help on a media project

Post by thetan on Mon Jan 25, 2010 1:20 am
([msg=33855]see Re: Howdy all, requesting help on a media project[/msg])

you can DoS a single computer on a network through ARP table manipulations. This is the same (outdated) method used by systems meant to deny access to servers before sending them to a captive portal first and then once access is granted they'll modify the clients ARP cache to point at the correct server.

The same can be done to isolate a host from a network (deny him from the entire network). The simplest way this can be achieved is by associating the clients default gateway with the MAC address of a non existent computer. This isn't a flood, doesn't require an insane amount of bandwidth, just a couple of forged ARP packets targeted at the victim. Ettercap ships with an isolation plugin meant specifically for this.

If you wish to just deny him from a single website (instead of the entire network/internet) then you can perform a Man In The Middle Attack, write a custom filter/plug-in for ettercap that will drop all packets coming from a specific host trying to access a specific website.
"If art interprets our dreams, the computer executes them in the guise of programs!" - SICP

Image

“If at first, the idea is not absurd, then there is no hope for it” - Albert Einstein
User avatar
thetan
Contributor
Contributor
 
Posts: 657
Joined: Thu Dec 17, 2009 6:58 pm
Location: Various Bay Area Cities, California
Blog: View Blog (0)


Re: Howdy all, requesting help on a media project

Post by SAI-Revenant on Mon Jan 25, 2010 1:49 am
([msg=33857]see Re: Howdy all, requesting help on a media project[/msg])

thetan wrote:you can DoS a single computer on a network through ARP table manipulations. This is the same (outdated) method used by systems meant to deny access to servers before sending them to a captive portal first and then once access is granted they'll modify the clients ARP cache to point at the correct server.

The same can be done to isolate a host from a network (deny him from the entire network). The simplest way this can be achieved is by associating the clients default gateway with the MAC address of a non existent computer. This isn't a flood, doesn't require an insane amount of bandwidth, just a couple of forged ARP packets targeted at the victim. Ettercap ships with an isolation plugin meant specifically for this.

If you wish to just deny him from a single website (instead of the entire network/internet) then you can perform a Man In The Middle Attack, write a custom filter/plug-in for ettercap that will drop all packets coming from a specific host trying to access a specific website.



I have no idea what the 2nd and 3rd method are, but they sound great to use to explain things for the project.

Guys, I really appreciate this. This wont be happening for...a long while, perhaps 2 or 3 months, maybe a little longer. When we do get it up, I'll let you guys know!

Appreciated, greatly.
SAI-Revenant
New User
New User
 
Posts: 5
Joined: Sun Jan 24, 2010 6:08 pm
Blog: View Blog (0)


Re: Howdy all, requesting help on a media project

Post by insomaniacal on Mon Jan 25, 2010 4:08 pm
([msg=33886]see Re: Howdy all, requesting help on a media project[/msg])

The problem with a man in the middle attack is that you must make sure the data they are trying to send goes to your system first, so you can manipulate the request and send it on to the router. Normally, it works like this.

Computer A > sends a request > Router A receives the request > Router A does whatever the request says > Router A sends Computer A whatever it requested.

A Mitm attack basically tricks Computer A into sending the requests to another computer by ARP poisoning. The requests can be manipulated or filtered on Computer B, before being sent on to Router A.

This is a simplified explanation, but it's hopefully sufficient.
It's not who votes that counts, it's who counts the votes
insomaniacal.blog.com
User avatar
insomaniacal
Addict
Addict
 
Posts: 1210
Joined: Sun May 24, 2009 10:21 am
Blog: View Blog (0)


Previous

Return to Crypto

Who is online

Users browsing this forum: No registered users and 0 guests